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"USER RECOGNITION SYSTEM FOR AUTOMATICALLY CONTROLUNG 
ACCESSES, APPARATU SES AND THE LIKE EQUIPMENT " 

Field of application 

5 This invention relates to an integrated user recognition systenn suitable for 

automatic access management and customised use of apparatuses, dispensers, 

services, goods and the like. 

More particularly, the present invention can be applied to an essentially unlimited 

number of applications and is suitable for use in the fomiation and management of a 
10 user archive, the management of production flows, databases, remote-controlled 

payments, electronic signature and the like. 

Background of the invention 

Problems to be faced In the producUon and management of customised access 

15 systems for providing access only to authorised, ticket holding or somehow recognized 

perscms to public business or premises, offices, hospitals and transport means, e.g. 

underground, bains, and the like are well known. 

CuHBnt registration methods often invoMng paper work possibly coupled with 

magnetic identiiying cards (e.g. badges for offices and factories or debit card for access 

20 to credit services), frequently involve inefficiencies, slackness in tiie search, taking of 

substantial archive space, data recovery difficulties and still further problems such as 

the need for the presence of at least one operator. 

In certain protected areas like banks, automatic biometric recognition systems 

have already been proposed for identification of some physical characteristics of the 

25 user, such as finger prints or retina recognition. 

See, in this concern, international patent application WOOO/42577 (Sensar, Inc.), 

which, however, is aimed at preventing hackers from getting hold of data transmitted 

from a biometric sensor on its path to a server to be used subsequentiy for fraudulent 

purposes, international patent application WO 99/16025 (Raytheon Company), that 

30 discloses processing and storing in a tenninal biometric data picked up by the terminal 

itself, i.e. a stand-alone type terminal, and patent US-6 070 796 (Siri^u) ttiat discloses a 
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pointing device of mouse trackball type or the like provided with a slot for inserting a 
card Including a microchip in which a code is memorised to which biometric data 
detected by a finger print sensor are compared, with no data being transmitted through 
the network or processed in the PC. 
5 in general, these are systems include data reading means provided on entirely 

integrated electronic cards, an inner microprocessor to process the data thus cotecfed 
and an integrated memory in the reading means itself for storing sud) data. 

Moreover, such systems have the disadvantage of being expensKre to produce, 
£3 as each reading means is a substantially complete unit with its own processing unit and 
p 10 Its own memory means. At the same time, the memory capacify of every such means is 
limited, thereby preventirig, unless one is dealing with most highly evolved and costly 
93 models, recording more than 5,000 user's printe (normally of 2,500 users). Moreover, 
data working and self-synchronisation speed among several detectors linked to eadi 
other in a networic generally through an RS485 serial line cannot be very high as the 
£315 whole data acquisition, comparison and possible recording stage is cammed out by each 
.A indh/iduai reading means and interfacing with a central unit occurs In a passh/e way, 
JIJ nomnally through a very slow serial line of RS232 type only for data report. 

This solution, therefore, has the drawback of using a huge amount of resources 
since each reading unit must be equipped with its own processing and storing means 
20 for data saving and with self-synchronization capacity for data transfer to each reading 
unit in the networi^. Should data stored in each reading unit be saved, Instead, on the 
hard disk of the server, the limitation of establishing, an interactive and personalized 
data flow through sufficienfly wide band communication lines between reading unit and 
server would stilt remain. As a matter of feet, owing to the above mentioned structure a 
25 bottle neck would be the low serial line, in genera! a RS232 line, between server and 
reading units normally connected to each other by way of a serial line RS485. 

Other systems which use biometric data for identifying a user are the smart 
cards. This solution makes it possible to register biometric data, e.g. a finger print, on a 
microchip in a card. Such a card, vy^en inserted in a suitable apparatus having a finger 
30 print reader, allows data stored in the card to be compared with those acquired by the 
finger print reader itsell The disadvantage of such, a solution is that in any case the 
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card is not efiminated and an hacker could provide liimself with a snr^art card and 
enable it with his own finger prints. 

Further reading systems have been suggested that control, through finger print 
recognition, access to a personal computer and/or enable use of its respective 
keyboards in order to avoid the use of inconvenient passwords. These systems are 
Specificaiiy dedicated to such a function. Data transmission thus takes place through a 
parallel or USB gate, but only very limited distances of no more than about 5 m can be 
covered. This makes such systems unsuitable for uses such as access manag^ent or 
S3 use of equipment in public places and undertakings. 

10 

f^- Summary of the invention 

The main object of the present invention is to substantially eliminate the above 
■ drav^acks, thereby attaining the advantages refened to hereinbelow. 

Another object of the present invention is to provide an integrated user 
|§ 15 : recognition system suitable for managing or controlling customised accesses to places, 
^ .equipments, information, graphic animation, files and Vfxe possibiiify of handling goods, 
PJ dservices and money and for operating a substantially unlimited number of users at a 
very reduced production, installation and running costs, ovinng to very low overall 
energy consumption. 

20 Another object of the present Invention is to avoid any additional cost, both for 

the manager and the user, for acquiring a magnetic card or the like means of 
identification. 

Another object of the present invention Is to provide a integrated s^tem of 
modular type, both so far ad hardware and software is concerned, that can be 
25 extended and implemented at any time depending upon the changing needs to be faced 
by the public place or undertaking v\^ere it is used. 

A further object of the present invention is to eliminate the need for any 
recognition means, e.g. an electronic card or the like, which is liable to be left behind, 
to be lost or to become demagnetised and normally requires storing of a personal 
30 identification code (PIN). 
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A further object of the present invention is to ensure very easy installation of the 
bicwnetric reading terminals and very easy configuration of network addresses (ip 
addresses) in each temninal for obtaining a local comnDunication networic. 

Not last object of the present invention is to make it possible for a manage of a 
5 public commercial concem or of a good distributor or ser>«ce supplying concern to 
process data acquired from users In order to cany ait statistics, time analyst, 
accountancy studies and the like and to make them available on the acquisition 
1,1, terminal in real time on the same network in a highly personaii:^ manner the same 
^1 data can be further personalized through control of any keyboard or display connected 

10 to the acquiring terminal. 
Si; According to the present inventk>n there is provided a lecognitkMi system as 

I defined in the main dalm. 

Ovnng to the setting up of a two-way flow of infbrmatibn between an acquiring 
liJ data unit and a centra! procxssm, such as a PC or a serv^, the present invention 
C| 15 allows biunkiue management to be conducted, through biometric recognrtion, of a 
Jl piece of data or flow of customised data integrated into a system and supplied on a 
pJ large scale in real time, unobstnjcted access is possible vwth absolute certainty and 
security being possible at very low production and mnning costs. 

According to tiie invention, by using automatic biometilc recognition of an 
20 Wentifying physical characteristic of a user, possibly linked to keying of personal data or 
code on a keyboard, customised handling of a plurality pieces of equipment, 
dispensers or services is made possible. 

In the case of use of goods or services, user recognition may t>e linked to 
possible automatic billing or in ttie case of an Integrated terminal connected to intemet 
25 to an automatic configuration of the elecb-onic post account or flie like. 

The system according to the invention is based on biometric recognition of a 
physical characteristic of tiie user. In tiie following detailed description an embodiment 
will be described of a system which effects users' finger print recognition. The present 
invention is not, however, limited to ft. but includes also equivalent solutions that 
30 provide recognition of ottier user's distinctive physical diaracteristics. sudj as tiie retina 
of tiie eye, vokse, features of ttie face or a combination fliereof. 
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Sudn a s^tem comprises one or more units connected to one another in a 
communication netwoilc to at least one central processor. Such a communication 
network must have such a passing band as to make it possible a transmission speed of 
at least 1 Mbps and should include such a wiring as to obtain a quite economic 
5 network in so far as both installation and maintenance are concerned. 

According to a prefen-ed solution, such a network advantageously Is an Ethernet 
(IEEE 802.3) wiring or e mixed RS485/Ethernet network or other mbeed solutions, such 
as RS486 interfaced with USB gates or parallel gates of the used computer, a Canbus 
m network, a digital telecommunication network , e. g. accoreling the bluetooth standard, 
p 10 Moreover, by using geographfcal wiring that will be available very soon, use can be 
made of ethemet netwo*s to set in oommunlcatfon the various local networks This 
g makes it possible to process acquired and transmftted data in real time and to acquire a 
rapid and coherent data exchange between the periphery (blometric data detector) and 
0 J3ertira\ unit (network server or local processor of a host computer network), 
g 15 : Moreover, by using as communication protocol the TPC/IP protocol suite on a 
II qufek physical network , data are immediately and simultaneously made available to 
f J the acquisition process by the blometric data detector. Thus, two processes (scanning 
and data sending to the central processor) are simultaneously controlled. A highly 
powerful and efficient processor, e.g. a server for processing data from peripheral 
20 temiinals, is used. In this way, data scanning and transmission times to the processor 
are superimposed without being added up, thereby obtaining extremely reduced data 
scanning, acquisition, sending and processing times that are more advantageous with 
respect to those of a stand atone processor which includes a lass powerful processor 
with respect to that of a server and does not employ parallel or simultaneous processes. 

25 According to an important characteristic of the present invention each peripheral 

unit has at least one detecting or sensing means for detecting blometric data of a user's 
physical characteristic to be recognized, e.g. finger print, retina, voice and/or features of 
the face and at least one electronic card for the acquisition of data detected by the said 
detecting means and their transmission to the central processor. 
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According to another advantageous embodiment, tiie said elecfronic card is also 
suitable for compressing data detected by the said detecting means In order to obtein 
a higher transmission speed. 

Between each peripheral unit and its respective central processor at least one 
5 interface unit or network card is provided, which is suitable for connecting the said 
central processor to the Ethernet or serial network to whk:h the peripheral units are 
connected. 

According to a first ^bodiment, the nelworic caixi is an Ethernet caid. Accoitling 
ll to another embodiment, the processor gate connected to the network through a 
10 spedfic seriaMine network internee is a USB or parallel gate. 

According to another advantageous solution, the networi< card is a Canbus carel, 
v^eteas according to a another solution, the network card is a bii^ooth cant or radk> 
card. 

: ff^ The electronic card assodated with each of the peripheral units is suitable for 

a 15 managing a two^y data fk)w at a wkie band (IMbs), through the said networic and Its 
^1 respective tnterfoce by means of a conresponding central processor. Sudi an electronic 
W card IS also suitable for running communication with a kei^arti and a respective 
alphanumeric or graphic display. 

In view of the above, any infonnatton relating to a specific user acquired by the 
20 detecting unit, both for Its first recording and on subsequent comparisons and possible 
recognition, is transferred in a substantially simultaneous way to the central processor 
that becomes In this viay interactive wth its respective peripheral units. 

The presence of the interface, that pemiits wide-band data processing, makes it 
possible two-way data flow in real time, even on a large scale, e. g. on the Intemet 
25 network. 

Upon receiving such a flow of infomiation, the central processor processes and 
stores ttie user's identifying and characteristic features in code forni having an 
extremely reduce dimension, of the order of about a few hundreds of bytes (generally 
from 200 to 300 bytes). 
30 This code is then saved on Hie central processor hard disk and any additional not 

indispensable infomnation is deleted, also protecting the individual user's privacy since it 
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is not possible to trace back to the print, and tills also for safeguarding user's privacy 
as from such a code it is no longer possible to Identify the print, and thus the user that 
has generated it 

With tfiis solution the advantage is attained of transferring of the whole 
5 customers (users) archive from the individual terminals, as it occurs at the present time, 
to a central processor that, thanks to data codification, is adapted to store information 
on a substantially unlimited number of users, whose Identity depends only on the size of 
the mass storage of the server. 

Moreover, even in those cases where the reading terminal automatically 
10 processes the biometric data and transfer the generated print code direcUy onto the 
hard disk of the central server according to structures used at present by using large- 
band communication lines, it would be possible to generate in any case a two way data 
flow sufficientiy wide as to make it possible to exchange and share resources, such as 
web^ages, audio flies, >ndeo fiies or the like in real time made interactive by display 
IS and keyboards. As a matter of fact, the present structures include very slow 
communication channels between server and peripheral reading terminals, such as 
serial RS232. 

The use of a data acquisition and transmis^on card associated mth each 
peripheral unit and the presence of interface units suitable to simultaneously manage 

20 several data detecting units makes it possible to establish a network connection among 
various groups or modules of peripheral units even arranged at a distance from one 
another of the order of 1 km, a distance that can be increased by using suitable 
amplification systems. 

The system according to the present invention, besides using a local dedicated 

25 network, can also be used on internet network to allow a registered user, through 
acquiring and sending his identification code, to cany out at distance purchasing, 
renting operations of goods or services. In this case, each peripheral unit can be set up 
to send, via its respective local central processor or directly through an integrated 
modem, a piece of biometric data in tcpTip network to a remote processor and exchange 

30 with it customised two-v^y Information in real time. 
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Brief description of the drawings 

Further aspects and advantages of the present invention can be better appear 
from the following description of some embodiments thereof given merely by way of 
non-limiting examples, with reference to the accompanying drawings, in which: 
5 - Figure 1 shows a flow chart of a user identification system according to the present 
Invention; 

- Figure 2 illustrates a preferred embodiment of the identification system according to 
the present invention; 

9 " FiQure 3 shows a variation of the embodiment of Fig. 2; 

1^ 10 - Figure 4 shows another variation of the embodiment of Fig. 2; 

- Figure 5 illustrates a furtiier variation of the embodiment of Fig . 2; and 
(3 - Figures 6 and 7 show two further embodiments of present in>^ntion. 

f 3 Detailed Description of the Preferred Embodiments 

Ij 15 With reference first to Figure 1, a system particuiariy for automatic management 

J5 of accesses and/or equipment In public commercial concerns, sport centres, offices, 
PJ factories and the liker, according to the present invention, is generally indicated with tfie 
numeral 1. More particularly, the system 1 comprises a processing unit 2, typically a 
personal computer, in which there is implemented, besides a server-type management 
20 operating system, a customer archive witii respective identification details. The 
processing unit 2 Is connected by way of a network connection 3 to a plurality of user's 
brometric print detecting/identification devices, ail indicated with 4 and adapted to 
provide a customized service to the customer in real time after the customer has been 
recognized, possibly tiirough an interface parallel/serial or USB/serial converter 5. 
25 More particuiariy, the networic connedioh 3 can be a serial port of RS485 type and thus 
the network of the serial port 3 can be a high speed serial network. 

The system shown in F^ure 1 also illustrates a further embodiment of the 
present invention, where, if the networic connection 3 comprises an Ethernet hub and 
the connection between the hub 3 and each device 4 Is an Ethernet connection (eiflier 
30 directly through optical fibre, with muKipair cable or cosDciai cable), an ethemet is 
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available having a transmission speed surely higher than 1 Mbps, thereby ensuring 
that customer's requests are met in real time. 

Figures 2 to 7 illustrate an integrated user's Identification system in accordance 
with the present invention generally indicated with the referents numeral 10 and 
5 comprising a plurality of peripheral units 11, each provided vwth at least one sensor 12, 
that can be of any suitable type, e.g. a finger print (13) recognizer, retina recognizer, 
voice print recognizer or face recognizer. 

According to a specific embodiment, sensor 12 comprises a silicon microchip 
O associated with a surface on which the user places his finger 13. The microchip is 
g 10 adapted, through processing by means of a suitable dedicated recognition software, to 
il3 aeate a digital profile corresponding to the user's print and convert It into a video signal 
gl with a resolution up to about 500 dpi. 

^3 Eadi peripheral unit 11 hse an electronic data acquisition and control care! 14 



ffl which Is suitable for two-way communication of data acquired by the sensor 12 with a 
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II 15 central processor 15, to which a plurality of peripheral unHs 11 are connected. This two- 
45 way communication occurs via a syndironous serial cable 16, e.g. using RS485 
communication standard, that allows data to be transmitted at 10 Mbps for distances up 
to 400 m, or at 2 Mbps for distances up to about 1.2 km. 

Connection between serial cable 16 and central processor 15 occurs through 
20 interface 17 having at least one chip 18 of RS485 standard which in its standard 
configuration is suitable for mnning up to 32 peripheral units 11 (Fig. 3). Interface 17 is 
designed to establish connection between cable 16 and a USB port, or a parallel port 19 
Of tiie central processor 15, tiius establishing a two-way connection between each 
peripheral unit 11 and the processor 15 ttiat becomes tiien continuously and fully 
25 interactive with tiie data acquiring units. More particulariy. interface 17 is a networic card 
suitable for managing biometric data from one or mare sensors 12 in respect 
peripheral units 1 1 and generic file or text data. 

In this way, owing to the presence of data acquiring and control card 14, 
infomiation relating to each individual user, as acquired by sensor 12. is transferred in a 
30 substantially simultaneous way and via said interface 17 to tiie central processor 15, 
Inside which the whole archive of th6 customers of the business, where ttie system 10 
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is installed, Is stored. The central processor 15 processes the data, and more 
particularly generates an identification code of about 200-300 bytes, from each acquired 
print If desired, it also carries out a comparison with the data already stored in the 
archive. 

5 The wide band (1 Mbps) used for the data transmission makes it possible for the 
central processor 15 to become fuliy interactive v\ffth its respective peripheral units 11. 
Thanks to the codification of the acquired and stored data, it is possible to build a 
practically unlimited data archive whose capacity i^^^^fl^^^H of the hard 
5 J disk in the central processor 1 5. 

Q lO interface 17, that can also include a buffer 20 for runnir^ data transmission 
% between the data collection cards 14 and the central processor 15 and for management 
^1 of multiple connection and data transfer requeste, can hantHe vM\ one chip 18 in 
ll standard cc^figuration up to 32 peripheral units 11. 

ShouM it be necessary to connect a greater number of peripheral units, the 
y 15 conjuration in F^. 3 can stiil be used by connecting the blod<s 21, each of 32 
% peripheral units, to a respective interface 17, which is connected in turn to a second 

Q USBor parallel port 19 of the central processor 15. 

fU 

The further variation illustrated in Fig. 4 provides the connection of 64 peripheral 
units 11 thanks to ite use of an interface 17 equipped with two R8485-standard chips 
20 18. 

According to the modification illustrated in Fig. 5, two or more connection 
interfaces 17, each with its respective chip 18, are connected to a hub 22 that sorts 
then the data for the central processor 15, 

Another solution, illustrated in Fig. 6, provides a plurality of interfaces 17 
25 connected one another in cascade, only the last interface 17 in the chain being 
connected to a port 19 at the central processor 15. 

According to yet another embodiment illustrated in Fig. 7, a plurality of interfaces 
11 are connected to one another in cascade and then to the interlace 17 that 
establishes communication with the central processor 1 5. 

30 
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With reference still to Fig. 6, according to a ftirther modification of the present 
invention there is provided that the server 15 is connected through an Ethernet network 
card 17 to a presence detecting temiinal 11 provided with Ethemet/RS485 interface. 
From this first terminal a cascade serial RS485 connections starts, which makes ft 
S possible to connect a high number of terminals 11 in cascade to the pre>^ousiy 
described terminal. Such an embodiment allows mixed networks to be obtained whidi 
through a terniinal with an Ethernet interface direcfly connected to the server 15 or a 
hub 22, as shown in Rg. 5, make It possible to connect to the server 15 a number of 
Q cascades of terminals 11 equal to the number of port available on each hub 22 and 
f 3 10 ensures that each cascade of terminals 11 establishes inside thereof communications 
a3 v^th a high-speed synchronous serial protocol and communicates with flie server 15 

with the same protocd or the TCP7IP network protocol. 
C3 With these variations ttiat do not embrace any possible network configuration 

Q that could be obtained wth such a basic stmcture of the system, the number of 
peripheral units 11 that can be connected to the a central processor 15 can be 
4% extended practically with no limit thanks both to the possibility of inserting further 
±1 connec^on interfaces 17 in tfie network; each provided \Affth a desired number of diips 
18, and to the capacity of each USB or parallel port 19 of the cenbal processor 15 to 
hold up to 127 interfaces 1 7 in a network. 
20 From the above it can be noted that the use of a data acquiring and control card 

14 associated with each peripheral data acquisition unit 11 makes it possible to transfer 
to the central processor 15 the whole handling of the customer archive, thereby 
reducing the working load of each unit 11. In this way, the memory capacity and 
processing speed can be increased substantially m&i no limit. In addition, data can be 
25 managed in a TCP/IP network, by advantageously using an Ethernet-type or RS486 
transmission standard. 

The use of suitable processing and management software allows acquired data 
to be compressed already In the peripheral units 11, thereby redudng the volume of 
data transmitted and thus increasing speed. The encoding carried out by the central 
30 processor 15 allows memory space required for storing the data on a specific user to be 
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reduced to a minimum. Such an encoding makes also possible to safeguard privacy as, 
after encoding, any print image can no longer be reconstructed. 

The electronic card 14 is also designed to run the alphanumeric or graphic 
display 23 and the keyboard 24 of an active or passive membrane type that might be 
5 provided in each peripheral unit f1. 

Some stendard components prlo^dded in ttie various blacks have been omrtfed in 
the drawings, such as memory buffers, feeders, signal amplifi^, connectors and the 
like as they are components well known to a person skilled in this field. 

Numerous variations and modifications can be made to the present invention 
€3 10 within the scope thereof. 

Thus, for example, instead of using a cable connection it is possible to connect 
per^heral units 11, interface 17 and the central processor 15 via radio, whereby any 
Q ^ring would be unnecessary. 

% As already mentioned above, besides throi^h a USB port, the connectlcMi to the 

|J15 central processor 15 can also occur by means of a parallel port on tiie processor 15 
j| itself. The connection to parallel port can also be combuied with the connection to USB 
|3 port for handling of a greater number of peripheral units 1 1 . 

The integrated system 10 according to the invenfon can be used in a 
substantially unlimited variety of applications. More particuiariy, in the case of 
20 particuiariy severe applications where the risk existe of lack of permanent physical 
connecticm betwem the central processor 15 and each peripheral unit 11, one can 
resort to such a level of peripheral processors (not shown) as to ensure continuity in the 
service even under extremely unfavourable conditions for remote communications. 

Besides for access control, the integrated system 10 is particuiariy indicated for 
25 use in automatic billing dispensing machines, equipment, e.g. for gyms, machines that 
can be automatically set after user's recognition, in releasing locks without the use of 
keys and so on, in the authorisation of payments, purchases, bank transfers or and the 
like. 

According anotiier modification of the invention, the Interface 17 can be 
30 integrated in the mother board of a central processor 15, while, according to a further 



12 



wo 01/84507 



PCT/EP01/a4912 



embcxliment, the software of the Interface 17 and the peripheral units 11 can be 
updated and altered via network. 
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